Implemented signing. Works, but validation does not fail if you remove the signature.

openid-connect-server/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java

@@ -48,13 +48,13 @@ public interface JwtSigningAndValidationService {
 	public boolean validateSignature(String jwtString);
 	
 	/**
-	 * Called to sign a jwt for a client that hasn't registered a preferred signing algorithm.
+	 * Called to sign a jwt in place for a client that hasn't registered a preferred signing algorithm.
 	 * Use the default algorithm to sign.
 	 * 
 	 * @param jwt the jwt to sign
 	 * @return the signed jwt
 	 */
-	public Jwt signJwt(Jwt jwt);
+	public void signJwt(Jwt jwt);
 	
 	/**
 	 * Sign a jwt using the selected algorithm. The algorithm is selected using the String parameter values specified

openid-connect-server/src/main/java/org/mitre/jwt/signer/service/impl/JwtSigningAndValidationServiceDefault.java

@@ -185,15 +185,17 @@ public class JwtSigningAndValidationServiceDefault implements
 		return false;
 	}
 
+	/**
+	 * Sign a jwt in place using the configured default signer.
+	 */
 	@Override
-	public Jwt signJwt(Jwt jwt) {
+	public void signJwt(Jwt jwt) {
 		String signerId = configBean.getDefaultJwtSigner();
 		
-		//JwtSigner signer = map.get(signerId);
+		JwtSigner signer = signers.get(signerId);
 		
-		//signer.sign(jwt);
+		signer.sign(jwt);
 
-		return null;
 	}
 
 	/**

openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java

@@ -153,6 +153,8 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
 		// handle expiration
 		token.getJwt().getClaims().setExpiration(token.getExpiration());
 		
+		jwtService.signJwt(token.getJwt());
+		
 		/**
 		 * Authorization request scope MUST include "openid", but access token request 
 		 * may or may not include the scope parameter. As long as the AuthorizationRequest 
@@ -173,7 +175,7 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
 			//TODO: check client to see if they have a preferred alg, attempt to use that
 			
 			//TODO: uncomment line below once RsaSigner bean has been set up and added to the configBean
-			//idToken = (IdToken) jwtService.signJwt(idToken);
+			jwtService.signJwt(idToken);
 			
 			token.setIdToken(idToken);
 		}

openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml

@@ -81,14 +81,9 @@
 		<property name="showSql" value="true" />
 	</bean>
 
-	
-<!-- TODO: get signer set up -->
-<!-- 	<bean id="rsaSigner1" class="org.mitre.jwt.signer.impl.RsaSigner"/>  -->
-
 	<bean id="configBean" class="org.mitre.openid.connect.config.ConfigurationPropertiesBean">
 		<property name="issuer" value="http://localhost/" />
-		<!-- TODO: plug in default signer -->
+ 		<property name="defaultJwtSigner"  value="rsa1"/>
-<!-- 		<property name="defaultJwtSigner"  value="rsaSigner1"/> -->
 	</bean>
 
 	<!-- Map our custom exception classes to named views -->

openid-connect-server/src/main/webapp/db/tables/accesstoken.sql

@@ -1,9 +1,9 @@
 CREATE TABLE accesstoken (
-	id VARCHAR(256),
+	id VARCHAR(4096),
 	expiration TIMESTAMP,
 	tokenType VARCHAR(256),
 	refresh_token_id VARCHAR(256),
 	client_id VARCHAR(256),
 	authentication LONGBLOB,
-	idTokenString VARCHAR(256)
+	idTokenString VARCHAR(4096)
 );